Scalable Dynamic Analysis of Binary Code

Scalable Dynamic Analysis of Binary Code
Author :
Publisher : Linköping University Electronic Press
Total Pages : 86
Release :
ISBN-10 : 9789176850497
ISBN-13 : 9176850498
Rating : 4/5 (97 Downloads)

Book Synopsis Scalable Dynamic Analysis of Binary Code by : Ulf Kargén

Download or read book Scalable Dynamic Analysis of Binary Code written by Ulf Kargén and published by Linköping University Electronic Press. This book was released on 2019-08-22 with total page 86 pages. Available in PDF, EPUB and Kindle. Book excerpt: In recent years, binary code analysis, i.e., applying program analysis directly at the machine code level, has become an increasingly important topic of study. This is driven to a large extent by the information security community, where security auditing of closed-source software and analysis of malware are important applications. Since most of the high-level semantics of the original source code are lost upon compilation to executable code, static analysis is intractable for, e.g., fine-grained information flow analysis of binary code. Dynamic analysis, however, does not suffer in the same way from reduced accuracy in the absence of high-level semantics, and is therefore also more readily applicable to binary code. Since fine-grained dynamic analysis often requires recording detailed information about every instruction execution, scalability can become a significant challenge. In this thesis, we address the scalability challenges of two powerful dynamic analysis methods whose widespread use has, so far, been impeded by their lack of scalability: dynamic slicing and instruction trace alignment. Dynamic slicing provides fine-grained information about dependencies between individual instructions, and can be used both as a powerful debugging aid and as a foundation for other dynamic analysis techniques. Instruction trace alignment provides a means for comparing executions of two similar programs and has important applications in, e.g., malware analysis, security auditing, and plagiarism detection. We also apply our work on scalable dynamic analysis in two novel approaches to improve fuzzing — a popular random testing technique that is widely used in industry to discover security vulnerabilities. To use dynamic slicing, detailed information about a program execution must first be recorded. Since the amount of information is often too large to fit in main memory, existing dynamic slicing methods apply various time-versus-space trade-offs to reduce memory requirements. However, these trade-offs result in very high time overheads, limiting the usefulness of dynamic slicing in practice. In this thesis, we show that the speed of dynamic slicing can be greatly improved by carefully designing data structures and algorithms to exploit temporal locality of programs. This allows avoidance of the expensive trade-offs used in earlier methods by accessing recorded runtime information directly from secondary storage without significant random-access overhead. In addition to being a standalone contribution, scalable dynamic slicing also forms integral parts of our contributions to fuzzing. Our first contribution uses dynamic slicing and binary code mutation to automatically turn an existing executable into a test generator. In our experiments, this new approach to fuzzing achieved about an order of magnitude better code coverage than traditional mutational fuzzing and found several bugs in popular Linux software. The second work on fuzzing presented in this thesis uses dynamic slicing to accelerate the state-of-the-art fuzzer AFL by focusing the fuzzing effort on previously unexplored parts of the input space. For the second dynamic analysis technique whose scalability we sought to improve — instruction trace alignment — we employed techniques used in speech recognition and information retrieval to design what is, to the best of our knowledge, the first general approach to aligning realistically long program traces. We show in our experiments that this method is capable of producing meaningful alignments even in the presence of significant syntactic differences stemming from, for example, the use of different compilers or optimization levels.

Federal Plan for Cyber Security and Information Assurance Research and Development

Federal Plan for Cyber Security and Information Assurance Research and Development
Author :
Publisher :
Total Pages : 140
Release :
ISBN-10 : IND:30000125979801
ISBN-13 :
Rating : 4/5 (01 Downloads)

Book Synopsis Federal Plan for Cyber Security and Information Assurance Research and Development by : National Science and Technology Council (U.S.) Interagency Working Group on Cyber Security and Information Assurance

Download or read book Federal Plan for Cyber Security and Information Assurance Research and Development written by National Science and Technology Council (U.S.) Interagency Working Group on Cyber Security and Information Assurance and published by . This book was released on 2006 with total page 140 pages. Available in PDF, EPUB and Kindle. Book excerpt:

Binary Code Fingerprinting for Cybersecurity

Binary Code Fingerprinting for Cybersecurity
Author :
Publisher : Springer Nature
Total Pages : 264
Release :
ISBN-10 : 9783030342388
ISBN-13 : 3030342387
Rating : 4/5 (88 Downloads)

Book Synopsis Binary Code Fingerprinting for Cybersecurity by : Saed Alrabaee

Download or read book Binary Code Fingerprinting for Cybersecurity written by Saed Alrabaee and published by Springer Nature. This book was released on 2020-02-29 with total page 264 pages. Available in PDF, EPUB and Kindle. Book excerpt: This book addresses automated software fingerprinting in binary code, especially for cybersecurity applications. The reader will gain a thorough understanding of binary code analysis and several software fingerprinting techniques for cybersecurity applications, such as malware detection, vulnerability analysis, and digital forensics. More specifically, it starts with an overview of binary code analysis and its challenges, and then discusses the existing state-of-the-art approaches and their cybersecurity applications. Furthermore, it discusses and details a set of practical techniques for compiler provenance extraction, library function identification, function fingerprinting, code reuse detection, free open-source software identification, vulnerability search, and authorship attribution. It also illustrates several case studies to demonstrate the efficiency, scalability and accuracy of the above-mentioned proposed techniques and tools. This book also introduces several innovative quantitative and qualitative techniques that synergistically leverage machine learning, program analysis, and software engineering methods to solve binary code fingerprinting problems, which are highly relevant to cybersecurity and digital forensics applications. The above-mentioned techniques are cautiously designed to gain satisfactory levels of efficiency and accuracy. Researchers working in academia, industry and governmental agencies focusing on Cybersecurity will want to purchase this book. Software engineers and advanced-level students studying computer science, computer engineering and software engineering will also want to purchase this book.

Applications and Techniques in Information Security

Applications and Techniques in Information Security
Author :
Publisher : Springer
Total Pages : 275
Release :
ISBN-10 : 9783662456705
ISBN-13 : 3662456702
Rating : 4/5 (05 Downloads)

Book Synopsis Applications and Techniques in Information Security by : Lynn Batten

Download or read book Applications and Techniques in Information Security written by Lynn Batten and published by Springer. This book was released on 2014-11-13 with total page 275 pages. Available in PDF, EPUB and Kindle. Book excerpt: This book constitutes the refereed proceedings of the International Conference on Applications and Techniques in Information Security, ATIS 2014, held in Melbourne, Australia, in November 2014. The 16 revised full papers and 8 short papers presented were carefully reviewed and selected from 56 submissions. The papers are organized in topical sections on applications; curbing cyber crimes; data privacy; digital forensics; security implementations.

Handbook of Software Engineering

Handbook of Software Engineering
Author :
Publisher : Springer
Total Pages : 533
Release :
ISBN-10 : 9783030002626
ISBN-13 : 3030002624
Rating : 4/5 (26 Downloads)

Book Synopsis Handbook of Software Engineering by : Sungdeok Cha

Download or read book Handbook of Software Engineering written by Sungdeok Cha and published by Springer. This book was released on 2019-02-11 with total page 533 pages. Available in PDF, EPUB and Kindle. Book excerpt: This handbook provides a unique and in-depth survey of the current state-of-the-art in software engineering, covering its major topics, the conceptual genealogy of each subfield, and discussing future research directions. Subjects include foundational areas of software engineering (e.g. software processes, requirements engineering, software architecture, software testing, formal methods, software maintenance) as well as emerging areas (e.g., self-adaptive systems, software engineering in the cloud, coordination technology). Each chapter includes an introduction to central concepts and principles, a guided tour of seminal papers and key contributions, and promising future research directions. The authors of the individual chapters are all acknowledged experts in their field and include many who have pioneered the techniques and technologies discussed. Readers will find an authoritative and concise review of each subject, and will also learn how software engineering technologies have evolved and are likely to develop in the years to come. This book will be especially useful for researchers who are new to software engineering, and for practitioners seeking to enhance their skills and knowledge.

Adaptive Autonomous Secure Cyber Systems

Adaptive Autonomous Secure Cyber Systems
Author :
Publisher : Springer Nature
Total Pages : 291
Release :
ISBN-10 : 9783030334321
ISBN-13 : 3030334325
Rating : 4/5 (21 Downloads)

Book Synopsis Adaptive Autonomous Secure Cyber Systems by : Sushil Jajodia

Download or read book Adaptive Autonomous Secure Cyber Systems written by Sushil Jajodia and published by Springer Nature. This book was released on 2020-02-04 with total page 291 pages. Available in PDF, EPUB and Kindle. Book excerpt: This book explores fundamental scientific problems essential for autonomous cyber defense. Specific areas include: Game and control theory-based moving target defenses (MTDs) and adaptive cyber defenses (ACDs) for fully autonomous cyber operations; The extent to which autonomous cyber systems can be designed and operated in a framework that is significantly different from the human-based systems we now operate; On-line learning algorithms, including deep recurrent networks and reinforcement learning, for the kinds of situation awareness and decisions that autonomous cyber systems will require; Human understanding and control of highly distributed autonomous cyber defenses; Quantitative performance metrics for the above so that autonomous cyber defensive agents can reason about the situation and appropriate responses as well as allowing humans to assess and improve the autonomous system. This book establishes scientific foundations for adaptive autonomous cyber systems and ultimately brings about a more secure and reliable Internet. The recent advances in adaptive cyber defense (ACD) have developed a range of new ACD techniques and methodologies for reasoning in an adaptive environment. Autonomy in physical and cyber systems promises to revolutionize cyber operations. The ability of autonomous systems to execute at scales, scopes, and tempos exceeding those of humans and human-controlled systems will introduce entirely new types of cyber defense strategies and tactics, especially in highly contested physical and cyber environments. The development and automation of cyber strategies that are responsive to autonomous adversaries pose basic new technical challenges for cyber-security. This book targets cyber-security professionals and researchers (industry, governments, and military). Advanced-level students in computer science and information systems will also find this book useful as a secondary textbook.

Cyber Threat Intelligence for the Internet of Things

Cyber Threat Intelligence for the Internet of Things
Author :
Publisher : Springer Nature
Total Pages : 98
Release :
ISBN-10 : 9783030458584
ISBN-13 : 303045858X
Rating : 4/5 (84 Downloads)

Book Synopsis Cyber Threat Intelligence for the Internet of Things by : Elias Bou-Harb

Download or read book Cyber Threat Intelligence for the Internet of Things written by Elias Bou-Harb and published by Springer Nature. This book was released on 2020-05-30 with total page 98 pages. Available in PDF, EPUB and Kindle. Book excerpt: This book reviews IoT-centric vulnerabilities from a multidimensional perspective by elaborating on IoT attack vectors, their impacts on well-known security objectives, attacks which exploit such vulnerabilities, coupled with their corresponding remediation methodologies. This book further highlights the severity of the IoT problem at large, through disclosing incidents of Internet-scale IoT exploitations, while putting forward a preliminary prototype and associated results to aid in the IoT mitigation objective. Moreover, this book summarizes and discloses findings, inferences, and open challenges to inspire future research addressing theoretical and empirical aspects related to the imperative topic of IoT security. At least 20 billion devices will be connected to the Internet in the next few years. Many of these devices transmit critical and sensitive system and personal data in real-time. Collectively known as “the Internet of Things” (IoT), this market represents a $267 billion per year industry. As valuable as this market is, security spending on the sector barely breaks 1%. Indeed, while IoT vendors continue to push more IoT devices to market, the security of these devices has often fallen in priority, making them easier to exploit. This drastically threatens the privacy of the consumers and the safety of mission-critical systems. This book is intended for cybersecurity researchers and advanced-level students in computer science. Developers and operators working in this field, who are eager to comprehend the vulnerabilities of the Internet of Things (IoT) paradigm and understand the severity of accompanied security issues will also be interested in this book.